14

Can I use the Raspberry Pi as a Linux firewall?

Can anyone tell me the best way of doing this? Including network connection details and hardware I may need.

Jivings
  • 22,538
  • 11
  • 90
  • 139
System Down
  • 733
  • 2
  • 6
  • 9
  • Once configured, please could you publish some metrics? I reckon the RPi might be alright, but remember the network connection is only 100M. – Alex Chamberlain Jun 28 '12 at 06:24
  • 2
    Not only that, but it's over the usb interface which is shared with all usb stuffs. OpenWRT is honestly a better option – user606723 Jun 28 '12 at 19:25

1 Answers1

12

You will want to add a second network connection to you Pi (either a usb to ethernet or WiFi dongle. Then you will want to install iptables and configure it as a home router.

Having said that you will likely have performance issues going this route. In the end you may be better off picking up an older router that supports dd-wrt that allows you to customize the way your router works (traffic shaping, DNS server etc.)

tlhIngan
  • 3,372
  • 5
  • 19
  • 33
Steve Robillard
  • 34,687
  • 17
  • 103
  • 109
  • 2
    I wouldn't use iptables directly. I would use shorewall or ufw to set up the firewall.

    You strictly doesn't need two network connections, you can run run more then one IPv4-net on same connector.

     – Anders Jun 28 '12 at 00:07
  • 3
    @anders you are correct you don't need a second network adapter, the second offers slightly better security. I agree a new user may want to use one of the frontends for iptables (like shorewall) rather than iptables directly (I am an old guy and have a set of rules deployed with puppet). – Steve Robillard Jun 28 '12 at 00:17
  • 2
    I would thoroughly encourage people to try to configure iptables - I learnt a lot about networks the first time I did it, and as long as the network configuration is relatively simple, it's not that hard either. IMHO home networks aren't at that much risk anyway, but be careful allowing traffic to flow from WiFi connections to other PCs. – Alex Chamberlain Jun 28 '12 at 06:22
  • Alex, I would if what you want to learn is firewalling. If not, then shorewall or even ufw is a better choice. There are really so many things to consider so it's better to use others knowled here. But it's not that hard to look at the output from sudo iptables -L if you are interested. Don't forget to use ip6tables to firewall your IPv6 net. ufw has rules for that to. – Anders Jun 29 '12 at 17:21
  • This guide is about setting up the Pi as a router/firewall with iptables, using a USB ethernet adapter and the on-oard one. I used that guide but connect to the internet with a GSM modem. Works well! – Frepa Nov 05 '12 at 20:13